This is exactly what i have already written. IPFire cannot do anything against such attacs because the bottleneck is the line between isp and the IPFire (or any other firewall) only the ISP can help here.

I use the DHCP Client on my test system (APU2c4) and my main IPFire (OrangePi Zero) of course assign RFC1918 IP's.
So my APU get 192.168.202.xx on red via the dhcp client and also display this on the WebIF. (Maybee it stays on connecting if the route has no connection to the real Net)

To be clear : the forum.ipfire.org error messages are just an example. It happens with all sort of sites / mail-servers a.s.o., all the time Same here. All DNSSec signed domains fails sometimes and the fails are cached for 5 min. Not sure if also unsigned domains are also affected. It is certainly ...

Now IPFIRE announces the FRITZBOX-DNS as "Primary DNS:" instead of the IPFIRE-DNS. Be carefull. With this you disable the DNSSec validation. That makes me conclude something in Core 127 is generating the problem. To be clear : in Core 125 I never had this problem. I have never seen such problems wi...